CentOS7-CIS
In many tasks, it is simply mentioned `command: /bin/true`.
There is no use for this command related to CIS hardening.
https://github.com/radsec/CentOS7-CIS/blob/master/tasks/section1.yml#L281
```yaml
- name: "NOTSCORED | 1.1.18 | PATCH | Ensure nodev option set on removable media partitions"
  command: /bin/true
  changed_when: no
  when:
    - centos7cis_level1 is defined and centos7cis_level1
  tags:
    - level1
    - notscored
    - patch
    - rule_1.1.18
```
So this is implemented so that each CIS control at least returns a value. Some people in the past have parsed Ansible playbook execution logs and used that to determine CIS benchmark compliance. A possible feature could be to only return true if requested? Thoughts?
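The log-parsing concern from this thread, as an added example that is not part of the original issue or the project's code: it finds tasks whose only action is `command: /bin/true` and keeps their `ok` result from being counted as a passed control. The rule 9.9.9 task, the host name and the log lines are constructed, and the log layout assumes Ansible's default stdout callback.

```python
import re

# Constructed sample in the style of tasks/section1.yml.
# Rule 9.9.9 is invented for contrast and is not a real CIS control.
TASKS = '''\
- name: "NOTSCORED | 1.1.18 | PATCH | Ensure nodev option set on removable media partitions"
  command: /bin/true
  changed_when: no
- name: "SCORED | 9.9.9 | PATCH | Constructed task that edits a file"
  lineinfile:
    path: /etc/example.conf
    line: "option=1"
'''
# Constructed playbook output (assumed default stdout callback layout).
LOG = '''\
TASK [NOTSCORED | 1.1.18 | PATCH | Ensure nodev option set on removable media partitions] ***
ok: [host1]
TASK [SCORED | 9.9.9 | PATCH | Constructed task that edits a file] ***
ok: [host1]
'''

NAME_RE = re.compile(r'(?:NOT)?SCORED \| ([\d.]+) \| \w+ \|')
NOOP_RE = re.compile(r'^\s*command:\s*/bin/true\s*$')
RESULT_RE = re.compile(r'(ok|changed|failed|fatal|skipping): \[([^\]]+)\]')

def find_noop_rules(tasks_text):
    """Return rule ids whose task runs only the /bin/true placeholder."""
    noop, current = set(), None
    for line in tasks_text.splitlines():
        if line.lstrip().startswith('- name:'):
            m = NAME_RE.search(line)
            current = m.group(1) if m else None
        elif current and NOOP_RE.match(line):
            noop.add(current)
    return noop

def classify(log_text, noop_rules):
    """Map (rule id, host) to a status; placeholder 'ok' becomes manual-review."""
    results, rule = {}, None
    for line in log_text.splitlines():
        if line.startswith('TASK ['):
            m = NAME_RE.search(line)
            rule = m.group(1) if m else None
        elif rule and (m := RESULT_RE.match(line)):
            status, host = m.groups()
            if rule in noop_rules and status == 'ok':
                status = 'manual-review'  # nothing was checked or changed
            results[(rule, host)] = status
    return results
```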